Subject: Re: [patch] source-address selection
To: None <tech-net@netbsd.org>
From: David Young <dyoung@pobox.com>
List: tech-net
Date: 02/22/2007 01:52:19

On Tue, Sep 05, 2006 at 11:15:25AM +0300, Mihai CHELARU wrote:
> David Young wrote:
>
> > For review, here are my latest patches adding a mechanism
> > for enforcing an IPv4 source-address selection policy,
> > <ftp://cuw.ojctech.com/cuw/netbsd-e3b075d7/pristine-selsrc-patch>.
> [..]
>
> Great work ! Thank you !
>
> [..]
> > preference ranks by _source preference_; lower preference
> > numbers are ranked more highly
>
> Preference should do exactly the opposite. Higher preference for higher
> rank. This is the logical way. If user sets an address without preference
> it should default to 0.

Mihai,

(Six months later....)

I agree with you. I'm going to change the sense of 'preference', update
docs, and send a pull-up request for 4.0.

> > _destination address_. A category is one of
> > "private", "link-local", or "other". If the
> > categories exactly match, same-category assigns a
> > rank of 2. Some sources are ranked 1 by category:
> > a link-local source with a private destination,
> > a private source with a link-local destination,
> > and a private source with an "other" destination
> > rank 1. All other sources rank 0.
> >
> > Categories are defined as follows.
> >
> > private: RFC1918 networks, 192.168/16, 172.16/12,
> > and 10/8,
> >
> > link-local: 169.254/16, 224/24
> >
> > other: all other networks---i.e., not private,
> > not link-local
>
> Uhm, I don't understand this. Isn't common prefix enough ? Why is 224/24
> (shouldn't be 224/4 ?) link-local ? Maybe you wanted 240/4 ? Also for
> link-local I suggest adding 0/8. But the first question remains: why do we
> need this ?

I don't remember if I answered this. Common prefix is not enough
because 224/24 and 169.254/16 do not have a common prefix, but they
nevertheless have "link-local" semantics, so an operator may want to
treat them alike---I do!

Can you explain a bit more about 0/8 ? ISTR that is a BSDism that
appeases dhclient somehow?

Curious whether you've used IPSELSRC any?

Dave

--
David Young OJC Technologies
dyoung@ojctech.com Urbana, IL * (217) 278-3933
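
The same-category ranking quoted in the message above, worked through as an added example; it is not part of the original e-mail and is not NetBSD's code. All function and type names are hypothetical, the 224/24 block is used as written in the quoted proposal (the thread questions it), and breaking ties by candidate order is an assumption.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names; not the NetBSD implementation. Addresses are host-order. */
enum cat { CAT_OTHER, CAT_PRIVATE, CAT_LINKLOCAL };
#define IP4(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))

/* True if addr lies in net/len, for 1 <= len <= 32. */
static int in_prefix(uint32_t addr, uint32_t net, int len)
{
    return ((addr ^ net) & (0xffffffffu << (32 - len))) == 0;
}

/* Categories exactly as listed in the quoted proposal, including 224/24. */
enum cat categorize(uint32_t a)
{
    if (in_prefix(a, IP4(10, 0, 0, 0), 8) || in_prefix(a, IP4(172, 16, 0, 0), 12) ||
        in_prefix(a, IP4(192, 168, 0, 0), 16))
        return CAT_PRIVATE;
    if (in_prefix(a, IP4(169, 254, 0, 0), 16) || in_prefix(a, IP4(224, 0, 0, 0), 24))
        return CAT_LINKLOCAL;
    return CAT_OTHER;
}

/* Rank 2 on exact match; rank 1 for link-local->private, private->link-local
 * and private->other; every other pairing ranks 0. */
int same_category_rank(uint32_t src, uint32_t dst)
{
    enum cat s = categorize(src), d = categorize(dst);
    if (s == d)
        return 2;
    if ((s == CAT_LINKLOCAL && d == CAT_PRIVATE) || s == CAT_PRIVATE)
        return 1;
    return 0;
}

/* Index of the best-ranked candidate source; earliest wins ties (assumption). */
int best_source(const uint32_t *srcs, int n, uint32_t dst)
{
    int best = 0;
    for (int i = 1; i < n; i++)
        if (same_category_rank(srcs[i], dst) > same_category_rank(srcs[best], dst))
            best = i;
    return best;
}

int main(void)
{
    uint32_t srcs[] = { IP4(192, 0, 2, 1), IP4(10, 0, 0, 5), IP4(169, 254, 7, 7) }; /* constructed */
    printf("best source index: %d\n", best_source(srcs, 3, IP4(169, 254, 1, 1)));
    return 0;
}
```

The 169.254/16 source and a 224.0.0.x destination share no address prefix yet both land in the link-local category and rank 2, which is the case a common-prefix comparison alone would miss.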